Digital Rights Management (DRM) controls use of digital content, and protects lawful rights and interests of a content owner mainly through a solution of rights limitation and content protection. After a Content Issuer (CI) encrypts the digital content, a user downloads a data packet of the encrypted digital content to a terminal device. A Rights Issuer (RI) is responsible for distributing a Rights Object (RO) corresponding to the digital content, and the RO includes a content decryption key and corresponding rights. Only owning the data packet of the digital content (which includes information necessary for decrypting the digital content) and the RO at the same time, a device is able to normally use the purchased digital content. A DRM Agent gets an RO key by means of decryption with a private key of the device, then gets the digital content decrypted with a content key in the RO, and controls detailed use for the digital content by the user according to rights information in the RO. The RO includes such information as the rights, the limitation, the key, and the digital signature. For the same content, multiple different ROs including different rights can be produced. For example, for a certain document file, browsing rights, printing rights and Move rights of the RO are set in some RO, and only the browsing rights are set in some other RO.
A device owning an RO can independently consume the RO and use the corresponding digital content, and a device without an RO can also consume an RO in a Secure Removable Media (SRM) by interacting with the SRM. The SRM can be a security storage card or a smart card. An RO can be stored on the SRM, so that the RO can be consumed conveniently on multiple devices through the SRM. As with the RO stored on the device, the RO stored on the SRM still needs to be moved out. For example, the user can assign the RO of some old content on the SRM to his/her friends, and purchase an RO of new content for the empty space.
The device moves its own stored RO to the SRM, and also, the device moves the RO from the SRM. In the moving process, the device must check whether “the RO is movable” is noted for the RO itself, that is, checking whether the RO has move rights, and whether the RI allows to move the RO in advance. If the RO stored in the SRM does not have the move rights, or the move rights have been used up, a terminal is incapable of moving the RO out from the SRM. If the user does not fully consider the problems about whether it is needed to move the RO in future, and the times by which it is needed to move the RO during purchasing the RO, it is possible that the RO cannot be moved, which limits the application of the RO.